Deployment & Launch

Ship with Confidence

Automated CI/CD pipeline, zero-downtime deployments, comprehensive monitoring, and a structured launch plan from pre-launch to post-launch growth.

1
CI/CD Pipeline
GitHub Actions workflow with parallel checks and auto-deploy

Push to main / develop

git push origin

Parallel Execution

Lint

npm run lint

Typecheck

npm run typecheck

Test

npm test

All checks pass

Build

npm run build

Auto-Deploy

Fly.io GitHub Integration

2
Fly.io Configuration
Infrastructure settings, Docker multi-stage build, and health checks
fly.toml
app vat-validator
primary_region fra (Frankfurt)
internal_port 3000
force_https true
auto_stop_machines true
auto_start_machines true
min_machines_running 1 (zero-downtime)
health_check GET /health every 10s
Dockerfile Multi-Stage Build
1 deps
  • npm ci
2 build
  • npm run build
3 production
  • COPY build artifacts
  • NODE_ENV=production
3
Environment Variables
Secrets and configuration managed via Fly.io secrets
Variable Description Source
SHOPIFY_API_KEY Shopify app API key Fly secrets
SHOPIFY_API_SECRET Shopify app secret Fly secrets
SHOPIFY_APP_URL App URL Fly secrets
SCOPES read_orders, write_orders, read_customers, write_customers Fly secrets
SUPABASE_URL Supabase project URL Fly secrets
SUPABASE_SERVICE_ROLE_KEY Supabase service role key Fly secrets
NODE_ENV production Dockerfile
SENTRY_DSN Error tracking DSN Fly secrets
4
Monitoring & Observability
Error tracking, health checks, and uptime monitoring
99.9%
Uptime Target
10s
Health Check Interval
0.1
Traces Sample Rate
85%
Cache Hit Rate
Sentry Error Tracking
  • tracesSampleRate: 0.1 (10% of transactions)
  • Remix error boundary integration
  • VIES API timeout / error tracking
  • Admin API rate limit tracking
Uptime Monitoring
  • UptimeRobot / Pingdom / Better Uptime
  • Monitor: /health endpoint (public, no auth)
  • Alerts: Email, Slack, SMS
  • HTTP 200 = healthy, 503 = degraded
Health Endpoint — GET /health
{ "status": "healthy" | "degraded", "checks": { "app": "ok", "database": "ok" | "error", "vies": { "circuitBreaker": "CLOSED", "lastSuccessAt": "2026-02-20T10:30:00Z" } }, "cache": { "hitRate": 0.85, "size": 1234 }, "uptime": 86400 }
200 — Healthy
503 — Degraded
5
Rollback Plan
Quick rollback strategies for application and database
Quick Rollback
# List all release versions fly releases # Rollback to previous version fly releases rollback # Rollback to a specific version fly releases rollback --version 42
Database Rollback
  • Option 1: Supabase PITR (Point-in-Time Recovery, Pro plan)
  • Option 2: Manual DOWN migration scripts
NEVER: supabase db reset on production
Feature Flags
FEATURE_VIES VIES API live validation enabled
FEATURE_CACHE Response caching layer enabled
FEATURE_NEW_UI New UI components disabled
6
Multi-Instance Notes
Scaling strategy from single instance to distributed state
MVP Single Instance
  • In-memory rate limiter (per-instance)
  • In-memory dedup cache (per-instance)
  • min_machines_running = 1
  • max_per_region = 1
Post-MVP Distributed State
  • Upstash Redis for shared state
  • Adapter pattern for rate limiter
RateLimiterAdapter // MVP InMemoryRateLimiter // Post-MVP RedisRateLimiter
7
API Version Pinning
All extensions and server must use the same Shopify API version
Current API Version: 2025-01
CI check: version drift detection
Files to sync (6 total)
vat-cart-widget/shopify.extension.toml
vat-cart-validation/shopify.extension.toml
vat-checkout-ui/shopify.extension.toml
vat-thank-you/shopify.extension.toml
vat-customer-account/shopify.extension.toml
app/shopify.server.ts
8
App Store Submission
Listing details, required assets, and review checklist
V
VAT Validator - EU VAT Number Verification
Validate EU VAT numbers at checkout. VIES verification for B2B compliance.
App Icon 1200x1200 px, PNG, no transparency
Required Screenshots (8)
1

Checkout VAT input

2

Validation success with company info

3

Admin dashboard

4

Settings page

5

Reports page

6

Cart page VAT input

7

Thank You page VAT collection

8

Customer account VAT profile

Technical Review
  • Latest Shopify API version
  • Checkout extension works
  • No console errors
  • Proper error handling
  • Loading states
  • Mobile responsive
  • All 5 webhooks registered
Security Review
  • OAuth flow secure
  • No sensitive data in logs
  • HTTPS enforced
  • Rate limiting
  • Input validation
UX Review
  • Clear value proposition
  • Easy onboarding
  • Helpful error messages
  • Documentation
  • Support contact
9
Launch Timeline
Structured plan from pre-launch preparation to post-launch monitoring

Pre-Launch Preparation

1 week before launch
Technical
  • All tests passing
  • Production environment ready
  • Database migrations applied
  • Monitoring & Sentry configured
  • Backups verified
Content
  • App listing finalized
  • Screenshots captured
  • Demo video recorded
  • Documentation published
Legal
  • Privacy policy
  • Terms of Service
  • GDPR compliance
Marketing
  • Landing page
  • Announcements drafted
  • Social posts prepared
  • Email campaigns ready

Launch Day

D-Day
Morning
  • Final deploy to production
  • Smoke tests on live
  • Submit to Shopify App Store
  • Public announcement
Monitoring
  • Error rates dashboard
  • Response times tracking
  • Supabase metrics
  • Signup monitoring
Support Readiness
Support channels active
Team on standby
Escalation path defined

Post-Launch Monitoring

Week 1
Daily Tasks
  • Review error logs
  • Respond to user feedback
  • Track usage metrics
  • Handle support tickets
Weekly Review
  • Usage report
  • Error summary analysis
  • Feedback analysis
  • Performance review
10
Post-Launch Roadmap
From stabilization to growth over the first 3 months
.

Stabilization

Week 1-2
  • Fix critical bugs
  • User feedback response
  • Performance optimization
Progress Target: 100%
.

Enhancement

Month 1
  • More languages (FR, NL)
  • Improved analytics
  • Webhook notifications
Progress Target: 80%
.

Growth

Month 2-3
  • Marketing push
  • Partner integrations
  • Advanced features
  • Case studies
  • Surface conversion tracking
Progress Target: 60%
11
Testing Strategy
Comprehensive test coverage from unit to performance
Test Type Tool Coverage / Target Status
Unit Vitest
Lines / Functions / Branches 80% / 80% / 75%
Required
Integration Vitest + Supabase mock API endpoint contracts Required
E2E Playwright Critical user flows Required
Performance Artillery
SLA: p50 < 200ms · p99 < 500ms
Target
Security Manual + automated OWASP top 10, input validation Ongoing
12
Risk Analysis
Identified risks with probability, impact, and mitigation strategies
Risk Probability Impact Mitigation
VIES API downtime Medium High Cache + circuit breaker + graceful degradation
Shopify API changes Low High Version tracking, quick updates
Low conversion Medium Medium Multi-plan support, wide market
Competitor pressure High Medium Multi-surface advantage
Theme incompatibility Medium Medium OS 2.0 App Block, fallback design